Build a page that only authorized users can access

The user interface has been simplified in Dreamweaver
CC and later. As a result, you may not find some of the options
described in this article in Dreamweaver CC and later. For more
information, see this article.

About protected pages

Your
web application can contain a protected page that only authorized
users can access.

For example, if a user attempts to bypass the login page by typing
the protected page’s URL in a browser, the user is redirected to
another page. Similarly, if you set the authorization level for
a page to Administrator only users with Administrator access privileges
can view the page. If a logged-in user attempts to access the protected
page without the proper access privileges, the user is redirected
to another page.

You can
also use authorization levels to review newly registered users before granting
them full access to the site. For example, you may want to receive payment
before allowing a user access to the member pages of the site. To
do so, you can protect the member pages with a Member authorization
level and only grant newly registered users Guest privileges. After
receiving payment from the user, you can upgrade the user’s access
privileges to Member (in the database table of registered users).

If you do not plan to use authorization levels, you can protect
any page on your site simply by adding a Restrict Access To Page
server behavior to the page. The server behavior redirects to another
page any user who has not successfully logged in.

If you do plan to use authorization levels, you can protect any
page on your site with the following building blocks:

A Restrict Access To Page server behavior to redirect
unauthorized users to another page

Regardless of whether you use authorization
levels, you can add a link to the protected page that lets a user
log out and clears any session variables.

Redirect unauthorized users

To prevent unauthorized users from accessing
a page, add a Restrict Access To Page server behavior to it. The
server behavior redirects the user to another page if the user attempts
to bypass the login page by typing the protected page’s URL in a
browser, or if the user is logged in but attempts to access the
protected page without the proper access privileges.

Märkus.

The
Restrict Access To Page server behavior can only protect HTML pages.
It does not protect other site resources such as image files and
audio files.

If you want to give many pages on your site
the same access rights, you can copy and paste access rights from
one page to another.

Redirect unauthorized users to
another page

Select the level of access for the page. To allow only
users with certain access privileges to view the page, select the
Username, Password, and Access Level option and specify the authorization
levels for the page.

For example, you can specify that only users with Administrator
privileges can view the page by selecting Administrator in the authorization
levels list.

To add authorization levels to the list, click Define.
In the Define Access Levels list that appears, enter a new authorization
level, and click the Plus (+) button. The new authorization level
is stored for use with other pages.

Ensure that the string for the authorization level matches
exactly the string stored in your user database. For example, if
the authorization column in your database contains the value “Administrator”,
enter Administrator, not Admin,
in the Name box.

To set more than one authorization level for a page,
Control‑click (Windows) or Command-click (Macintosh) the levels
in the list.

For example, you can specify that any user with Guest,
Member, or Administrator privileges can view the page.

Specify the page to open if an unauthorized user attempts
to open the protected page.

Ensure that the page you choose is not protected.

Click OK.

Copy and paste a page’s access
rights to other pages on the site

Open the protected page and select the
Restrict Access To Page server behavior listed in the Server Behaviors
panel (not the one in the Plus (+) pop‑up menu).

Click the arrow button in the upper-right corner of the
panel, and select Copy from the pop‑up menu.

The Restrict Access To Page server behavior is copied to
your system’s Clipboard.

Open another page you want to protect in the same way.

In the Server Behaviors panel (Window > Server
Behaviors), click the arrow button in the upper-right corner, and
select Paste from the pop‑up menu.

Repeat steps 3 and 4 for each page you want to protect.

Store access privileges in the
user database

This building block is required only
if you want certain logged-in users to have different access privileges.
If you simply require users to log in, you don’t have to store access
privileges.

To provide certain logged-in users with different
access privileges, make sure your database table of users contains
a column specifying each user’s access privileges (Guest, User,
Administrator, and so on). The access privileges of each user should
be entered in the database by the site administrator.

In most database applications, you can set a column to
a default value each time a new record is created. Set the default
value to the most common access privilege on your site (for example,
Guest); then manually change the exceptions (for example, changing
Guest to Administrator). The user now has access to all administrator
pages.

Make sure each user in the database has a single access
privilege, such as Guest or Administrator, not multiple privileges
like User, Administrator. To set multiple access privileges for
your pages (for example, all guests and administrators can see this
page), set those privileges at the page level, not the database
level.

Log out users

When
a user logs in successfully, a session variable is created that
consists of the user name. When the user leaves your site, you can
use the Log Out User server behavior to clear the session variable
and redirect the user to another page (usually a goodbye or thank
you page).

You can invoke the Log Out User server behavior
when the user clicks a link or when a specific page loads.